<?php
include("./config.php");
include("./utils.php");

checkLogin();

foreach ($_POST as $value){
	if ($value == "") {
	    die("Fail: some is null");
	    echo "Fail";
	    exit();
	}
}

$userid = trim($_POST['userid']);
$op = trim($_POST['op']);
$name = trim($_POST['name']);
$desc = trim($_POST['desc']);
$appe = trim($_POST['appe']);
$mode = trim($_POST['mode']);

$url = "";
$category = "";
//if ($op == 'item'){
  $url = trim($_POST['url']);
  $category = trim($_POST['category']);
//}

$sql="";

function get_sql($op, $userid, $name, $url, $desc, $category, $mode, $appe){
    $op=safe($op);
    $userid=safe($userid);
    $name=safe($name);
    $desc=safe($desc);
    $category=safe($category);
    $mode=safe($mode);
    $appe=safe($appe);
    $sql = "INSERT INTO `item`(`userid`, `name`, `url`, `desc`, `category`,`mode`,`appearance`) VALUES($userid, \"$name\", \"$url\", \"$desc\", $category,$mode,$appe)";
    return $sql;
}

$sql = get_sql($op, $userid, $name, $url, $desc, $category, $mode, $appe);

if($sql != ""){
    $sql=mysql_query($sql);
    if (!!(mysql_num_rows($sql))){
      $result = mysql_fetch_array($sql, MYSQL_ASSOC);
      $ID = mysql_insert_id();
      echo $ID;
    } else {
      echo mysql_error();
    }
}else{
    echo "Failed";
}

?>

